Tuesday, November 10, 2009

Facebook Phishing - Can't Trust your "FRIENDS"

As I start to write this I am as comfortable as one can be in an airline seat with a laptop in front of me. I've been reflecting a little on another interesting week in information security and somewhat trying to settle into this blog-writing gig. At the request of a very special reader I was conversing with regarding this somewhat interesting but now commonplace finding on Facebook, I decided to share the following.



As I was trolling Facebook earlier this week I came across a posting on a friend's page, pictured to the left. Upon seeing this posting I decided to do a little digging, as the use of shortened URLs has become the norm thanks to Twitter links. Upon clicking the link, users were redirected to what appeared to be a Facebook login page at first glance; however, a look at the browser URL shows that the shortened link in the original posting directs users to a site named hxxp://phasebooklogine.t35.com. This site is hosted on t35.com, a free hosting service that is quick and easy to set up.



This image shows what the login page looks like, and as you can see it is a somewhat convincing page unless you look closer. Most users would type in their credentials without thinking twice, due to what I call blind faith in anything that appears to originate from a "friend".

This site is another example of just one of the attack vectors currently widely dispersed across all social networking sites, primarily MySpace, Facebook, YouTube, and Twitter. This vector is of course a modified approach to your standard phishing attack. Phishing attacks usually come in the form of emails from your bank, your friend, etc., and use the same tactic of harvesting user credentials via an authentic-looking login page that in some instances does nothing after you enter your credentials, and in other cases forwards you on to the legitimate site.

In the case of phasebooklogine.t35.com, upon entering any credentials the page would direct you to one of about 5 randomized, seemingly legitimate Facebook apps.
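As an added example (not code from the original post), the following Python script shows the kind of check a defender can run on a shortened link before trusting it: given the redirect chain from the posted short link to the landing page, it flags a landing host that is not facebook.com but resembles the brand (handling the "ph" for "f" swap seen in phasebooklogine), and notes when the host sits on a free hosting parent such as t35.com. The short-link domain, the confusable list and the sample chain are constructed for the example.

```python
"""Flag a short-link redirect chain that lands on a brand-lookalike host (added example)."""
from urllib.parse import urlsplit

# Character swaps phishers use to keep a lookalike readable (assumed, not exhaustive).
_CONFUSABLES = {"ph": "f", "0": "o", "1": "l", "3": "e", "5": "s", "vv": "w"}
# Free hosting parents; t35.com is the one named in the post, extend as needed.
FREE_HOSTS = {"t35.com"}


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _normalize(label: str) -> str:
    for src, dst in _CONFUSABLES.items():
        label = label.replace(src, dst)
    return label


def is_lookalike(host: str, brand: str = "facebook", max_dist: int = 2) -> bool:
    """True if any DNS label of host contains a run within max_dist edits of brand."""
    for label in host.lower().split("."):
        norm = _normalize(label)
        if brand in norm:
            return True
        for width in (len(brand) - 1, len(brand), len(brand) + 1):
            for start in range(0, max(1, len(norm) - width + 1)):
                if _edit_distance(norm[start:start + width], brand) <= max_dist:
                    return True
    return False


def parent_domain(host: str) -> str:
    """Last two labels; assumed simplification that is fine for .com hosts like t35.com."""
    return ".".join(host.lower().split(".")[-2:])


def assess_chain(chain, legit_domain="facebook.com", brand="facebook"):
    """chain: URLs from the posted short link through every redirect to the landing page."""
    final_host = urlsplit(chain[-1]).hostname or ""
    reasons = []
    if parent_domain(final_host) == legit_domain:
        return {"verdict": "ok", "host": final_host, "reasons": reasons}
    if len(chain) > 1:
        reasons.append("reached via redirect from %s" % urlsplit(chain[0]).hostname)
    lookalike = is_lookalike(final_host, brand)
    if lookalike:
        reasons.append("host %s resembles %s" % (final_host, brand))
    if parent_domain(final_host) in FREE_HOSTS:
        reasons.append("hosted on free hosting parent %s" % parent_domain(final_host))
    verdict = "phishing-suspect" if lookalike else ("review" if len(reasons) > 1 else "ok")
    return {"verdict": verdict, "host": final_host, "reasons": reasons}
```

In practice the chain would be collected by following the short link's HTTP redirects in a sandboxed client; the script takes it as input so that it runs offline.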

Consider this part one of this Facebook analysis article specific to posted phishing attacks; I will be writing a follow-up article with more technical details from my analysis.
